Chromium Code Reviews

Unified Diff: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp

Issue 2401573003: CSP: Fix 'strict-dynamic' with multiple policies. (Closed)
Patch Set: Created 4 years, 2 months ago
Index: third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
index b83b8399a6cb56c3fe9169ea8f9c767aac78aaba..aee39dc9f62b97532b365e0b8ce9aad2c8cade01 100644
--- a/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
+++ b/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
@@ -584,10 +584,13 @@ bool CSPDirectiveList::allowPluginType(
bool CSPDirectiveList::allowScriptFromSource(
const KURL& url,
const String& nonce,
+ ParserDisposition parserDisposition,
ResourceRequest::RedirectStatus redirectStatus,
ContentSecurityPolicy::ReportingStatus reportingStatus) const {
if (isMatchingNoncePresent(operativeDirective(m_scriptSrc.get()), nonce))
return true;
+ if (parserDisposition == NotParserInserted && allowDynamic())
+ return true;
return reportingStatus == ContentSecurityPolicy::SendReport
? checkSourceAndReportViolation(
operativeDirective(m_scriptSrc.get()), url,
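Review bot: The new early return on `parserDisposition == NotParserInserted && allowDynamic()` carries no comment, although it is the one path in allowScriptFromSource() that accepts a script without looking at either the nonce or the URL. A short comment stating that 'strict-dynamic' lets non-parser-inserted scripts through for this directive list only, so that the decision stays local to each policy, would tie the check to the multi-policy fix named in the issue title. Because `parserDisposition` is inserted ahead of `redirectStatus` rather than appended, every caller has to be updated in the same change, and none of them are visible in this file's hunk. A test that delivers two policies, only one of which carries 'strict-dynamic', would confirm that a script-inserted script still goes through the source-list check of the other policy.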
